Wireless Access

Hi Based on this KB https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1544 we will be implementing custom-captive portal certificate on a master & multi-local setup. Can we generate CSR from the master and get the certificate from the CA. Then upload the obtained certificate on the master and all the local controllers?

You should do the csr from a server so that you can export the private key.

Then sign it, import it to the server, then export it with the private key.

Then import it on the controllers.

Easiest way is to use a Windows box with IIS or a Linux box with openssl.

Hi 

 

Thank you for help. as per this KB.

https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1207

 

I can use the CSR generated from master controller, and get the server certificate from the CA. 

 

then upload and use the same certificate on all controllers, it will work, right? 

Hi Yogenpartha,

 

It won't work.

 

You have two options ::

 

1. Generate CSR on each controller and get them signed. When CSR is generated on controller; the private key doesn't leave the box (for security reasons). Please see here https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-890
2. Generate CSR outside as mentioned already and get it signed. In this case; we can upload single cert to all controllers as private key isn't locked to the controller where CSR was generated.

Hope this helps.

 

 

Hi 

 

Thank you for reply. Can a public CA, generate a CSR by themselves with the details needed for generating the CSR. I dont know how it works.. 

 

so that i can use the same certificate on all the OAW controllers? 

You should generate the CSR on an external server so that you can export the private key. If you have the private key, you can use the cert on all of your controllers.